github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,733 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

1864 Commits (82506f0586d5e3365c74dbb3d51d2ab31bede2a0)

Author SHA1 Message Date
sebres 82506f0586 filter.d/selinux-ssh.conf, filter.d/selinux-common.conf: fixes #3405 (new format with GS and additional parameters, e. g. grantors) 2022-11-14 18:51:06 +01:00
sebres d8e2b03a24 `filter.d/named-refused.conf` extended (closes gh-3388): 
- support BIND named log categories
  - allow `info:` as possible error prefix too ("query (cache) denied" may occur as info)
 2022-11-03 11:41:21 +01:00
sebres ca2b94c522 fixes gh-3370: resolve extremely long search by repeated apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following branches (it may be extremely slow up to infinite search depending on message); added new regression tests 
amend to gh-3210: fixes regression and matches new format in aggressive mode too
 2022-10-04 14:10:45 +02:00
Jeff Johnson f9f78ed9d2
IPThreat integration (#3349) 
new IPThreat action
 2022-09-13 11:01:46 +02:00
sebres d6896eb26d New logtarget: systemd-journal; 
rebased #1403 from da2x:feature-systemd-journal
 2022-08-29 12:30:05 +02:00
sebres a08b925468 Merge branch '0.11' 2022-08-17 16:59:02 +02:00
sebres 467024797f Merge branch '0.10' into 0.11 2022-08-17 16:56:10 +02:00
Sergey G. Brester e289a1155e
Merge pull request #3269 from Logic-32/feature/cloudflare-token 
Adding support for Cloudflare Token API.
 2022-08-09 16:56:17 +02:00
Sergey G. Brester 514cca9ade
filter.d/sendmail-auth.conf: detect failures without user part 2022-08-01 09:20:28 +02:00
Sergey G. Brester a2264dcef0
Merge pull request #2636 from brianjmurrell/patch-2 
FreeIPA renames named to named-pkcs11
 2022-06-21 14:19:16 +02:00
Sergey G. Brester 3e9321e71b
non-capturing group and any variant of suffix 2022-06-21 14:15:38 +02:00
sebres 9272cce13d Merge branch '0.11' 2022-06-02 21:06:12 +02:00
sebres a69d42cea5 Merge branch '0.10' into 0.11 2022-06-02 21:04:43 +02:00
Sergey G. Brester fbfc85d8c0
common.conf: fixed typo in comment (rfc5424 for logtype) 
no functional changes; closes #3274
 2022-05-12 18:09:09 +02:00
Logic-32 d11ad3b90f Adding jail name to notes to disambiguate between jails. 2022-05-07 20:52:39 -06:00
Logic-32 e89b2c0ff7 Moving inet6 family block to the end so other config doesn't get added to it. 2022-05-07 20:41:33 -06:00
Logic-32 7e7b9f4a35 Adding support for Cloudflare Token API. 
Closes #3080
 2022-04-27 14:19:18 -06:00
sebres a2431158f6 implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path, default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore, thus removed from `paths-common.conf`; 
fixes gh-3005
 2022-02-09 17:10:19 +01:00
sebres 13520a0494 Merge branch '0.11' 2022-02-09 15:45:17 +01:00
sebres 8ac49b5858 Merge branch '0.10' into 0.11 2022-02-09 15:44:35 +01:00
László Károlyi f380d6202d cherry pick #3210 from master 2022-02-09 15:43:21 +01:00
sebres 498e473a10 filter.d/courier-auth.conf: consider optional port after IP, regex is rewritten without catch-all's and right anchor, so it is more stable against further modifications now; 
closes #3211
 2022-02-09 12:18:23 +01:00
sebres 810386a265 filter.d/dovecot.conf: parse everything in parenthesis by auth-worker info, e. g. can match (pid=...,uid=...) too 
(amend to 92f90038fa)
 2022-02-08 19:21:37 +01:00
Sergey G. Brester dfc866ea41
improve RE to solve conflict with expected another open parenthesis 2022-01-27 17:50:28 +01:00
László Károlyi 0f1706d4a1
Adjusting for updated dovecot log format 
This should now match:

`Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=<sales@karolyi.hu>, rip=183.111.188.94, lip=127.0.0.19, session=<Lsz0Oo7WXti3b7xe>`

the issue is the `read(size=1003)` that probably has been added lately and which causes the rule not to discover the log message.
 2022-01-27 11:28:20 +00:00
sebres 06d2623c5e iptables and iptables-ipset actions extended to support multiple protocols with single action for multiport or oneport type (back-ported from nftables action); 
amend to gh-980 fixing several actions (correctly supporting new enhancements now)
 2022-01-26 21:51:11 +01:00
sebres b639c8869c make several iptables actions more breakdown-safe: start wouldn't fail if chain or rule already exists (e. g. created by previous instance and doesn't get purged properly); 
ultimately closes gh-980
 2022-01-25 00:35:14 +01:00
sebres 3d7e3bc2fb make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and don't deleted properly) 2022-01-24 22:56:16 +01:00
sebres 7db1c97a3e Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master; 
conflicts resolved
 2022-01-24 22:31:51 +01:00
sebres 970573d1cb Merge branch '0.11' 2022-01-18 16:17:49 +01:00
sebres 35d73d9758 Merge branch '0.10' into 0.11 2022-01-18 16:17:07 +01:00
sebres bf689c27b8 filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear" (fixed possible regression of f77398c49d); 
closes gh-3086
 2022-01-18 15:42:35 +01:00
sebres 8bf15db688 filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port; 
closes gh-3169
 2022-01-18 15:41:27 +01:00
sebres 80805cabfc Merge branch '0.11' 2021-11-03 16:01:00 +01:00
sebres 0b3ad780fe Merge branch '0.10' into 0.11 2021-11-03 15:48:21 +01:00
sebres 4b54a07d71 Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;" 
This reverts the incompatibility #3047 introduced by commit a038fd5dfe (#2821).
 2021-11-01 11:45:40 +01:00
Sylvestre Ledru 3245b8018b
Add the Debian path to roundcube error logs 2021-10-23 17:38:20 +02:00
Sergey G. Brester ba839af8ad
filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116) 2021-10-01 15:03:24 +02:00
sebres 10cd815525 merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:06:06 +02:00
sebres c03fe6682c merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:04:46 +02:00
sebres 410a6ce5c8 fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence 2021-06-21 17:12:53 +02:00
sebres 579c6a94af filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040) 2021-06-10 15:23:24 +02:00
sebres 43f2923fbd filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user"; 
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
 2021-06-10 15:06:54 +02:00
Sergey G. Brester bbfff18280
action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack 2021-06-03 12:02:08 +02:00
sebres c7a86b4616 action.d/firewallcmd-ipset.conf: amend to #2620: 
- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`);
- IPv6-capability for firewalld ipset;
- no internal timeout handling by default;
- no permanent rules yet
 2021-05-29 22:59:55 +02:00
Sergey G. Brester 2a508da5a0
Merge pull request #2620 from mspolitaev/master 
Using native firewalld ipset implementation
 2021-05-29 21:30:55 +02:00
sebres 38535b0cca Merge branch '0.11' into master 2021-05-29 21:25:24 +02:00
sebres d2f5c7de09 Merge branch '0.10' into 0.11 2021-05-29 21:24:11 +02:00
sebres 92f90038fa filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553 2021-05-29 21:12:34 +02:00
sebres 8b984a0135 filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553) 2021-05-29 20:47:56 +02:00